security testing
The rise of DAST 2.0 in 2025
Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to …
Microsoft plans to limit security products’ access to Windows kernel mode
Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down …
Essential metrics for effective security program assessment
In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security …
Learning from CrowdStrike’s quality assurance failures
CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a …
How companies increase risk exposure with rushed LLM deployments
In this Help Net Security interview, Jake King, Head of Threat & Security Intelligence at Elastic, discusses companies’ exposure to new security risks and …
Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software …
Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 …
10 tips for creating your security hackathon playbook
For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These …
Introducing the book: Irreducibly Complex Systems
In this Help Net Security video interview, David Hunt, CTO at Prelude, discusses his book – Irreducibly Complex Systems: An Introduction to Continuous Security Testing. …
Google delivers secure open source software packages
Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev …
CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught …
Israel’s new cyber-kinetic lab will boost the resilience of critical infrastructure
In a building under construction at the Advanced Technologies Park in Be’er Sheva, the “cyber capital” of Israel, a new governmental lab is also taking shape: the …
Featured news
Resources
Don't miss
- Microsoft introduces protection against email bombing
- Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it